Improve password generation for link shares

Use web crypto when generating password for link shares whenever the password policy app is disabled. Signed-off-by: Vincent Petry <vincent@nextcloud.com> Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-06-09 00:32:29 -04:00 · 2023-01-11 15:21:26 +01:00 · 2023-01-11 15:21:26 +01:00 · 2aad203c99
commit 2aad203c99
parent ff90735db7
3 changed files with 12 additions and 9 deletions
--- a/apps/files_sharing/src/utils/GeneratePassword.js
+++ b/apps/files_sharing/src/utils/GeneratePassword.js
@ -24,6 +24,7 @@ import axios from '@nextcloud/axios'
 import Config from '../services/ConfigService'

 const config = new Config()
+// note: some chars removed on purpose to make them human friendly when read out
 const passwordSet = 'abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789'

 /**
@ -46,10 +47,12 @@ export default async function() {
 		}
 	}

-	// generate password of 10 length based on passwordSet
-	return Array(10).fill(0)
-		.reduce((prev, curr) => {
-			prev += passwordSet.charAt(Math.floor(Math.random() * passwordSet.length))
-			return prev
-		}, '')
+	const array = new Uint8Array(10)
+	const ratio = passwordSet.length / 255
+	self.crypto.getRandomValues(array)
+	let password = ''
+	for (let i = 0; i < array.length; i++) {
+		password += passwordSet.charAt(array[i] * ratio)
+	}
+	return password
 }
--- a/dist/files_sharing-files_sharing_tab.js
+++ b/dist/files_sharing-files_sharing_tab.js
--- a/dist/files_sharing-files_sharing_tab.js.map
+++ b/dist/files_sharing-files_sharing_tab.js.map